Journal:The effect of the General Data Protection Regulation on medical research

From LIMSWiki
Revision as of 19:02, 1 March 2017 by Shawndouglas
Full article title: The effect of the General Data Protection Regulation on medical research
Journal: Journal of Medical Internet Research
Author(s): Rumbold, John Mark Michael; Pierscionek, Barbara
Author affiliation(s): Kingston University London, Nottingham Trent University
Primary contact: Email: J dot Rumbold [at] Kingston dot ac dot uk
Editors: Eysenbach, G.
Year published: 2017
Volume and issue: 19 (2)
Page(s): e47
DOI: 10.2196/jmir.7108
ISSN: 1438-8871
Distribution license: Creative Commons Attribution 2.0
Website: http://www.jmir.org/2017/2/e47/
Download: http://www.jmir.org/2017/2/e47/pdf (PDF)

Abstract

Background: The enactment of the General Data Protection Regulation (GDPR) will impact on European data science. Particular concerns relating to consent requirements that would severely restrict medical data research have been raised.

Objective: Our objective is to explain the changes in data protection laws that apply to medical research and to discuss their potential impact.

Methods: Analysis of ethicolegal requirements imposed by the GDPR.

Results: The GDPR makes the classification of pseudonymised data as personal data clearer, although it has not been entirely resolved. Biomedical research on personal data where consent has not been obtained must be of substantial public interest.

Conclusions: The GDPR introduces protections for data subjects that aim for consistency across the EU. The proposed changes will make little impact on biomedical data research.

Keywords: pseudonymity, anonymity, untraceability, privacy-preserving protocols, informatics, data reporting, data protection, research ethics

Overview

There have been significant developments in European Union (E.U.) data protection law recently that will have an impact on health care professionals, particularly those engaged in research and audit. The General Data Protection Regulation (GDPR) has replaced the current legislation and comes into full effect in 2018.[1] This paper discusses the implications of the GDPR for the handling of health care data. Despite the recent referendum vote in the United Kingdom to leave the E.U., the GDPR will continue to be relevant to the United Kingdom, whether this is due to cooperation in European projects or because the United Kingdom continues to be a member of the European Economic Area (EEA).

The Data Protection Directive

Currently the relevant law in the United Kingdom is the Data Protection Act 1998, which is the United Kingdom’s transposition of the Data Protection Directive (DPD). European directives are not directly enforceable, requiring member states to pass legislation to comply with their requirements. There are derogations (legal exemptions) for research, which in the case of the United Kingdom have been criticized for being too broad. The LRDP Kantor report for the European Commission criticizes the United Kingdom for disregard of the limitations, stating that the Data Protection Act blatantly violates the Directive by adding "medical research" to the list of medical purposes.[2] The DPD requires a "substantial public interest" for member states to add to the derogations for processing of sensitive personal data (Article 8.4).

Differences between E.U. member states can result in research ethics committees in the United Kingdom denying permission for National Health Service (NHS) data to be transferred to other E.U. countries (the opposite might also be the case in some circumstances).[3] These differences have also contributed to the passage of the GDPR as part of the Digital Single Market strategy.[4]

References

  1. "EUR-Lex - 32016R0679 - EN". EUR-Lex. European Union. 27 April 2016. http://eur-lex.europa.eu/eli/reg/2016/679/oj. Retrieved 04 February 2017. 
  2. LRDP Kantor (20 January 2010). "Comparative study on different approaches to new privacy challenges in particular in the light of technology developments" (PDF). European Commission. http://ec.europa.eu/justice/policies/privacy/docs/studies/new_privacy_challenges/final_report_en.pdf. Retrieved 04 February 2017. 
  3. Veerus, P.; Lexchin, J.; Hemminki, E. (2014). "Legislative regulation and ethical governance of medical research in different European Union countries". Journal of Medical Ethics 40 (6): 409-413. doi:10.1136/medethics-2012-101282. 
  4. DG Justice (18 January 2016). "Reform of EU data protection rules". European Commission. http://ec.europa.eu/justice/data-protection/reform/index_en.htm. Retrieved 04 February 2017. 

Notes

This presentation is faithful to the original, with only a few minor changes to presentation. In several cases the PubMed ID was missing and was added to make the reference more useful.

Per the distribution agreement, the following copyright information is also being added:

©John Mark Michael Rumbold, Barbara Pierscionek. Originally published in the Journal of Medical Internet Research (http://www.jmir.org), 24.02.2017.